feat(graph): introduce graph.inspect.v1 contract and schema for SBOM relationships

- Added graph.inspect.v1 documentation outlining payload structure and determinism rules.
- Created JSON schema for graph.inspect.v1 to enforce payload validation.
- Defined mapping rules for graph relationships, advisories, and VEX statements.

feat(notifications): establish remediation blueprint for gaps NR1-NR10

- Documented requirements, evidence, and tests for Notifier runtime.
- Specified deliverables and next steps for addressing identified gaps.

docs(notifications): organize operations and schemas documentation

- Created README files for operations, schemas, and security notes to clarify deliverables and policies.

feat(advisory): implement PostgreSQL caching for Link-Not-Merge linksets

- Created database schema for advisory linkset cache.
- Developed repository for managing advisory linkset cache operations.
- Added tests to ensure correct functionality of the AdvisoryLinksetCacheRepository.

.gitea/workflows/export-ci.yml

@@ -60,6 +60,14 @@ jobs:
       - name: Trivy/OCI smoke
         run: ops/devops/export/trivy-smoke.sh
 
+      - name: Schema lint
+        run: |
+          python -m json.tool docs/modules/export-center/schemas/export-profile.schema.json >/dev/null
+          python -m json.tool docs/modules/export-center/schemas/export-manifest.schema.json >/dev/null
+
+      - name: Offline kit verify (fixtures)
+        run: bash docs/modules/export-center/operations/verify-export-kit.sh src/ExportCenter/__fixtures/export-kit
+
       - name: SBOM
         run: syft dir:src/ExportCenter -o spdx-json=$ARTIFACT_DIR/exportcenter.spdx.json